Overview

overview

1

Static

static

1

URLScan

urlscan

1

https://go.onelink.m...

windows10-2004-x64

1

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-03-2023 16:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://go.onelink.me/107872968?pid=InProduct&c=Global_Internal_YGrowth_AndroidEmailSig__AndroidUsers&af_wl=ym&af_sub1=Internal&af_sub2=Global_YGrowth&af_sub3=EmailSignature&af_web_dp=https://more.att.com/currently/imap

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://go.onelink.me/107872968?pid=InProduct&c=Global_Internal_YGrowth_AndroidEmailSig__AndroidUsers&af_wl=ym&af_sub1=Internal&af_sub2=Global_YGrowth&af_sub3=EmailSignature&af_web_dp=https://more.att.com/currently/imap
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4284
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4284 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4928

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
    Filesize

    1KB

    MD5

    97040a9a5a905f354aca318b7c005594

    SHA1

    b1a429b82f3f030dc38ce8e04cd79f9c676a6113

    SHA256

    89fc8d4fe563957f6c0b0f4bb1ffc1f03aadd30cc2e3980cc3208bb31c9deb7b

    SHA512

    85b651c10e37dd2c2a03f56899fb0840aade8080a3f87466e1e72cc8c1386facfad4d62fd9908846cafcce505d25f860d00cf73299e3d41e257ceb3d79c50e0a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    27eeb470ea47791b773b0c543d47d7c0

    SHA1

    cf692b6241651b506a7639c0c02f4ab582b728bb

    SHA256

    887291e1eaf9e037071221908bc110ee40235c5d9c6dd4001699cdbfd55c9cd4

    SHA512

    23f1b1f25ca82aa1b9a235921ba87b86f61e58a1d19b031547144a6035144b14c0ca1f7a9391c00eca50c0be4f35a161d0b4402cdff37f1c9350a368ce3f1321

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
    Filesize

    446B

    MD5

    a02619d2e699c3f79aa3749ac0369aec

    SHA1

    492fccfbf30bf3d26b371aabc3678f9107297f6a

    SHA256

    fcbc4fbe458adcca12935973b792c49f1487fbe15567c4b100efdc981dec8c2a

    SHA512

    dd24df3ab3ba3f99cb0e8de29e1251d902a53aa038dddf24010c6f61457933dc0c5aaef7573618924c90e91e7d3d1076049b6a0993646d60e7f748ede1329ae9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    434B

    MD5

    adde6ce6ee3e672323b6c63eac2c7564

    SHA1

    e55deadb132482741fe2bfd44a6a7f737749a18e

    SHA256

    a61f60a6110c9429f435b88f6d0e0bcf7efa8ac4acb2ffa06eb3f4b00e9b0ce2

    SHA512

    c45e524cc07e4e9036fe26b2f41d09039011740cee8833e44b2e0a5de4ce935b214b26b93358db29b43a6bb925f4b0c94426501e5ae64668db5a3d936a351af1

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\DR465C5C\more.att[1].xml
    Filesize

    415B

    MD5

    c2e371772f376d5376d0e2aaafd22e8f

    SHA1

    c8ef6a0e2502a50bde5d0b71035882b0b891124d

    SHA256

    c5e53c0b65caed6656a0ef05cd0f6956a02ff70220a5c92e8d57969cc7c80b61

    SHA512

    33e9dcde3346a11764337631676fffd34f2db326f81b7a40568d40d1e3bf5278a05c24e25cd9bcf46b291fa8092c1bcf234f0bf4a4e4222accf437ab5c7c98e5

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\DR465C5C\more.att[1].xml
    Filesize

    657B

    MD5

    ff11da18c61758db8c332bca5bba9914

    SHA1

    8703db427b134c09bc065209291c26bfecd5ac23

    SHA256

    85244bc92541b44cbd23893b5eb2dcbbda37ba5c158c45321a17433d8413b074

    SHA512

    3d30364bf0f6c3fc1db5c00a49637424d8b148a1463bc62fe6ea97cae1c64235ae7646a2e83861f643d4a2698e2a9d5aa936accd723a9e93bd0c016878afcb63

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\cz9baam\imagestore.dat
    Filesize

    5KB

    MD5

    04af6181f32b8d2c5d5f80fa9d86b036

    SHA1

    8045f3aa8766b5de436d26fcdc50c3f324b23b54

    SHA256

    bbd73b31122d7c522a466667633e4f41b0ade0af455555174872b0e9f52775c5

    SHA512

    b60dfa48bb18d334c1b659f512067d44a0d0e7e643ffa844f1b823b4edaf248767a384c3b4b50fd52e98f38170b444d21f688d16420d0390c21e970960450a8c

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GPVLIKPI\css_w4ZXfv1BwMfVOAjurUNikWsJ03ousxxrrXgBAZ_wnxs[1].css
    Filesize

    34KB

    MD5

    13204981256e7b8c7dec451831dbc4d8

    SHA1

    812c368e35f58f106a1598a24cf9b652f759c992

    SHA256

    c386577efd41c0c7d53808eead4362916b09d37a2eb31c6bad7801019ff09f1b

    SHA512

    0c1cd516a3ee90c73bf52fefe78f6686f915daf54be76db6c67fcc6e587ff6c50fc8ef2e7f7a18370509eaa98f5f301ac87a8a85e0d31a94d93f71b7c1959dd9

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GPVLIKPI\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RPW4GWWI\css_JDiaKlJzqJ7LxQngb_HBOudss40CA6Znl53aMWGRA-0[1].css
    Filesize

    29KB

    MD5

    af4d376ac26cbdb35fe8e4a84066af2b

    SHA1

    0791fbaf481c44d671bd5b507f03f7db8a7a145f

    SHA256

    24389a2a5273a89ecbc509e06ff1c13ae76cb38d0203a667979dda31619103ed

    SHA512

    f5bb420913fa31fa0acb31073cc22e20c0ebe5f8bb15a610dcb7c63274212d74ae2ba04af6814dda21662bff0ffeba951fa2ed8c3e8c68c2f10ad56bfad7eed1

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RPW4GWWI\css_JiX82VzWSnIFKN5OdxMVvWTwKeETrGOvy3QIfK_72Hc[1].css
    Filesize

    7KB

    MD5

    7c003eb87f932ef02d6ff1a06d565443

    SHA1

    8dfb43e9191d5a8387dabad5170fdea6b9c7a488

    SHA256

    2625fcd95cd64a720528de4e771315bd64f029e113ac63afcb74087caffbd877

    SHA512

    a992dc0ab3f77b846649fc9f58d8c18b05abe575718d503e8d8142bc2e2cda376936b709da182061b4326360381aa91988ed072a56ce4dccf441bc528fa15b57

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RPW4GWWI\css_jaSSoqitnifbA1CfAy9DpPDdx4dveftAKsldFIi2o3A[1].css
    Filesize

    4KB

    MD5

    5dad02b53b687f7442684e53c58da535

    SHA1

    b80f6475915c75dacfa44cb30d5647e6e22a193e

    SHA256

    8da492a2a8ad9e27db03509f032f43a4f0ddc7876f79fb402ac95d1488b6a370

    SHA512

    a506a018761f9054d1643d19dec7bea859c11b6f21941a54a5a48ed37dde585a4e3f51785b73f566edad869985697765578ff634bc8493e5778cc2fc4c709f1f

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RPW4GWWI\js[1].js
    Filesize

    112KB

    MD5

    defd8f54f4201e5a89da24a219d6e4f1

    SHA1

    663851c0a2b39022002d060ffc97decaf8682505

    SHA256

    d6410f5b98a4c2741e41a17f72d14072a059ba284a84c487e5180e3ab662b2d7

    SHA512

    8b89b2e66e0af7c7f79ad2e023f2b9bf7dba8de6074ab4a74855bc884a03afde13a79cef7bab3624df856040dcfcea77e663d26296b5f809bbc92e1985a397d8

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RUOQG7D6\css_CNuXzrKtv4z4kkYblk85aDp-tzROJ-LTThMRIn6sxyI[1].css
    Filesize

    217KB

    MD5

    82233c3b524a388a1a833762a70c5316

    SHA1

    c4c5e2bd1234f1584bfa039500cbfbda34d5dd51

    SHA256

    08db97ceb2adbf8cf892461b964f39683a7eb7344e27e2d34e1311227eacc722

    SHA512

    f8b338125dfd3ad851faadf5114deb7ce5ceea4fbff492ef6da8b3be1146a9a6cb31b52b92a15ba8cecc2c9f3d7d2fe5388c9c275af580831334a7de38cf91b8

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RUOQG7D6\css_bXOOz70_WHPg5fSbf6NsyY6X48M23RTPavWnEhZJAZ4[1].css
    Filesize

    83KB

    MD5

    1cfbe76c01ad3b0027c1e65b16f35e42

    SHA1

    91c57ca54cf852a6ebd5727f5bea932fcb481da4

    SHA256

    6d738ecfbd3f5873e0e5f49b7fa36cc98e97e3c336dd14cf6af5a7121649019e

    SHA512

    1314b9e4d4724b55b0a1d8ad5a621ccd0b4081bc16766bee95f5105e28125321d7560ae452914abb567a19493a78c9a5d5ffb89e35681a715e9735201969ba24

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RUOQG7D6\favicon[1].ico
    Filesize

    5KB

    MD5

    af03ddb255dda32eb1de5fd069708d54

    SHA1

    cd695e9b5580b637e6cdf7e98eedaa690060e4fd

    SHA256

    ed9fb7011ca807a050ca7c39bdcd1acbe6848c45822a23c628d4fb0aea10ebb5

    SHA512

    7109a7e84721551327d19e77702423beb4924caa91adf79d9a85e843b01622e573250da7befe3fb7a5f75b5475696b1e9696f1cea475e38cf7bbac9d946d4656

    Download Submit